Trend Micro InterScan Web Security Suite is an application which dynamically defends against web-based attacks at the Internet gateway.
Trend Micro InterScan Web Security Suite is affected by a local privilege escalation vulnerability. The binary "patchCmd" is owned by root and has the "setuid" and "setgid" permission bits set. Its code calls setuid(0) before system(), so the command it runs executes with root privileges regardless of the privileges of the invoking user. Local attackers can exploit this issue to execute arbitrary code with root privileges and completely compromise the affected computer.
No updates which address this vulnerability are available at this time.
This exploit has been tested against Trend Micro InterScan Web Security Suite 3.1 on Fedora 13 Linux.
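An audit sketch added here (not part of the original advisory and not vendor code): it lists regular files owned by root that carry the setuid or setgid bit, and marks for manual review those whose bytes contain both the `setuid` and `system` symbol names, the pattern described above. The symbol match is a heuristic assumed for this example; the function names and the default scan path are hypothetical.

```python
import os
import stat
import sys

# Symbol names as they appear NUL-delimited in an ELF string table.
# Finding both in one setuid-root file matches the setuid(0)-then-system()
# pattern from the advisory. Heuristic only: it proves nothing by itself.
RISKY_PAIR = (b"\x00setuid\x00", b"\x00system\x00")


def is_privileged(mode, owner_uid, root_uid=0):
    """True for a regular file owned by root_uid with setuid or setgid set."""
    special = mode & (stat.S_ISUID | stat.S_ISGID)
    return stat.S_ISREG(mode) and bool(special) and owner_uid == root_uid


def classify(mode, owner_uid, data, root_uid=0):
    """Return 'ok', 'privileged' or 'review' for one file's stat info and bytes."""
    if not is_privileged(mode, owner_uid, root_uid):
        return "ok"
    if all(marker in data for marker in RISKY_PAIR):
        return "review"      # elevated binary that can also spawn a shell
    return "privileged"      # elevated, but no system() reference found


def audit(top, root_uid=0):
    """Walk `top`; return sorted [(path, verdict)] for every non-'ok' file."""
    findings = []
    for dirpath, _dirs, files in os.walk(top):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: never follow symlinks
                if not is_privileged(st.st_mode, st.st_uid, root_uid):
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue             # unreadable or vanished file: skip
            findings.append((path, classify(st.st_mode, st.st_uid, data, root_uid)))
    return sorted(findings)


if __name__ == "__main__":
    # Default path is a placeholder; point it at the product's install tree.
    for path, verdict in audit(sys.argv[1] if len(sys.argv) > 1 else "/usr"):
        print(f"{verdict:10} {path}")
```

Files reported as `review` are candidates for removing the setuid/setgid bits or restricting execute permission to an administrative group until a vendor fix is available.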
SunOS / Solaris